[Samba] Password Resets as root
Volker.Lendecke at SerNet.DE
Tue Jul 12 00:32:26 MDT 2011
On Mon, Jul 11, 2011 at 10:45:21AM -0500, John P Janosik wrote:
> I've got a cluster of Samba servers with security=user and a ctdb passdb
> backend. I need to keep the passwords for the users in sync with another
> system, which will pass me userid and password for each change and reset.
> My question is what is the simplest way to do the password reset for a
> user as root on one of the Samba servers. I need to allow the user to
> change their password immediately after reset despite the presence of a
> minimum password age policy in the case of reset. It seems windows does
> this by setting one of the password time fields to 0 to mean "password
> must change at next login" for this case. If I use "smbpasswd -s" as root
> the password is changed as I want, but the user cannot change the password
> until the next day. I didn't see a way to set this flag via any of the
> Samba tools as root.
> I was able to get this working via rpcclient by mimicking an admin
> password reset from a Windows machine, but this required having access to
> the password for an admin account available to the automation.
> I ended up patching pdbedit to add a new option " -Y, --pw-must-change
> set password must change flag" and call this after setting the pw.
> Does anyone know if there is another way to accomplish this so I don't
> have to patch Samba at each release? If there is no way with the current
> tools would a patch be accepted to add this?
First, such a patch would be appreciated, although pdbedit
is a bit deprecated. Try "net sam set pwdmustchangenow".
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
More information about the samba